CodeBreakers-Journal - Portal for IT-Security & IT-Anti-Security - Hooking Windows API - Technics of hooking API functions on Windows

Side Story
Virtual Machine Rebuilding

Virtual Machines are one of the most controversial protection methods used nowadays. I try to show how virtual machines are created by examining the full reversed source code of the VM used in the T2'06 challenge, worth $1'500. It explains how to code a VM and helps those who wanted to analyse such challenge by giving direct access to its source code and its structures. The RE-built source code of T2'06 is in appendix.

Latest Papers

Journals

CodeBreakers Journal

Assembly Programming Journal

Journal Issues

RECON2006 Conf. Proc.

Vol.3, No.1, 2006

RECON2005 Conf. Proc.

Vol.2, No.1, 2005

Vol.1, No.2, 2004

Vol.1, No.1, 2004

Statistics

Members: 1927
News: 293
Web Links: 1
Visitors: 4053262

Featured Conference Video

OllyBone - Semi-Automatic Unpacking on IA-32. View the conference video here!

Home

Articles - Programming

Reverse Code Engineering

Hooking Windows API - Technics of hooking API functions on Windows

Written by Holy Father

Side Story
Virtual Machine Rebuilding

This text is about hooking API functions on OS Windows. All examples here completely works on Windows systems based on NT technology version NT 4.0 and higher (Windows NT 4.0, Windows 2000, Windows XP). Probably will also work on others Windows systems.You should be familiar with processes on Windows, assembler, PE files structure and some API functions to understand whole text. When using term ”Hooking API” here, I mean the full change of API. So, when calling hooked API, our code is run immediately. I do not deal with cases of API monitoring only. I will write about complete hooking.

Download: